Seriously, if you hadn’t figured out long ago that you were the product Facebook was selling, you were not paying very much attention.

Remember all those pictures you uploaded to Facebook? If you read the terms of service, you will find that Facebook reserves the right to do anything they want with them, including using them in advertising.

It’s not just that malware may be lurking on USB memory devices, perhaps even installed at the factory. A couple of clever lads have figured out how to reprogram the firmware that controls just about any USB device, which is pretty much like giving them the keys to the kingdom. Here are some of the scary highlights from the article.

“Because BadUSB resides not in the flash memory storage of USB devices, but in the firmware that controls their basic functions, the attack code can remain hidden long after the contents of the device’s memory would appear to the average user to be deleted.”

I’m waiting for the standalone device that reads and reflashes USB firmware to hit the IT market at an obscene profit margin.

Wait! It gets worse.

The problem isn’t limited to thumb drives. All manner of USB devices from keyboards and mice to smartphones have firmware that can be reprogrammed—in addition to USB memory sticks, Nohl and Lell say they’ve also tested their attack on an Android handset plugged into a PC. And once a BadUSB-infected device is connected to a computer, Nohl and Lell describe a grab bag of evil tricks it can play. It can, for example, replace software being installed with a corrupted or backdoored version. It can even impersonate a USB keyboard to suddenly start typing commands. “It can do whatever you can do with a keyboard, which is basically everything a computer does,” says Nohl.

The malware can silently hijack internet traffic too, changing a computer’s DNS settings to siphon traffic to any servers it pleases. Or if the code is planted on a phone or another device with an internet connection, it can act as a man-in-the-middle, secretly spying on communications as it relays them from the victim’s machine.
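
An added example, not from this post or the quoted article: a Python audit of a USB interface inventory that flags the keyboard-impersonation case described above, where a device presents a HID keyboard interface it has no reason to have. The inventory rows, device IDs and approved-keyboard list are constructed for illustration; the class codes are the standard USB ones.

```python
"""Audit USB interface descriptors for unexpected keyboard interfaces."""
from collections import defaultdict

# Standard USB interface class codes and the HID keyboard protocol value.
HID, MASS_STORAGE = 0x03, 0x08
KEYBOARD_PROTOCOL = 0x01

# Constructed sample rows: (vid:pid, product, class, subclass, protocol).
# On Linux the three numeric fields match the sysfs interface attributes
# bInterfaceClass, bInterfaceSubClass and bInterfaceProtocol.
SAMPLE_INTERFACES = [
    ("1111:0001", "Office Keyboard", 0x03, 0x01, 0x01),
    ("2222:0002", "Flash Drive", 0x08, 0x06, 0x50),
    ("3333:0003", "Flash Drive", 0x08, 0x06, 0x50),
    ("3333:0003", "Flash Drive", 0x03, 0x01, 0x01),  # storage + keyboard
]
APPROVED_KEYBOARDS = {"1111:0001"}  # hypothetical site allowlist


def group_by_device(interfaces):
    """Collect the set of (class, subclass, protocol) tuples per device."""
    devices = defaultdict(set)
    for dev_id, _product, cls, sub, proto in interfaces:
        devices[dev_id].add((cls, sub, proto))
    return devices


def is_keyboard(iface):
    cls, _sub, proto = iface
    return cls == HID and proto == KEYBOARD_PROTOCOL


def audit(interfaces, approved_keyboards):
    """Return (device id, reason) for each keyboard interface worth a look."""
    findings = []
    for dev_id, ifaces in sorted(group_by_device(interfaces).items()):
        if not any(is_keyboard(i) for i in ifaces):
            continue
        classes = {cls for cls, _, _ in ifaces}
        if MASS_STORAGE in classes:
            findings.append((dev_id, "keyboard interface on a storage device"))
        elif dev_id not in approved_keyboards:
            findings.append((dev_id, "keyboard not in approved list"))
    return findings


if __name__ == "__main__":
    for dev_id, reason in audit(SAMPLE_INTERFACES, APPROVED_KEYBOARDS):
        print(dev_id, reason)
```

Because the reprogrammed firmware controls every descriptor the device reports, including its vendor and product IDs, a check like this is a heuristic for spotting odd combinations, not proof that a device is clean.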